Defending against cellphone spying

  • Be sure to checkout “Tips & Tricks”
    Dear Guest Visitor → Once you register and log-in:

    This forum does not automatically send notices of new content. So if, for example, you would like to be notified by mail when Steve posts an update to his blog (or of any other specific activity anywhere else), you need to tell the system what to “Watch” for you. Please checkout the “Tips & Tricks” page for details about that... and other tips!

    /Steve.
  • Larger Font Styles
    Guest:

    Just a quick heads-up that I've implemented larger font variants of our forum's light and dark page styles. You can select the style of your choice by scrolling to the footer of any page here. This might be more comfortable (it is for me) for those with high-resolution displays where the standard fonts, while permitting a lot of text to fit on the screen, might be uncomfortably small.

    (You can permanently dismiss this notification with the “X” at the upper right.)

    /Steve.

MichaelRSorg

Well-known member
Nov 1, 2020
62
6
RouterSecurity.org
There are some defensive strategies that were left out of this week's podcast (A spy in our pocket).

On Android, DNS can be used to limit the computers the phone can contact. Android 9, 10 and 11 have a feature called Private DNS that sets up an encrypted DNS server that is used system-wide. If you use this in conjunction with a Nextdns.io account (they are free), then you can use the NextDNS logging feature to see every DNS request made by the Android device. Then, you can use the black list feature of NextDNS to prevent access to specific domains and sub-domains. Older versions of Android can use the Google/Jigsaw Intra app to get access to encrypted DNS.

The elephant in the room, to me at least, is simply to turn things off.

When not using Wi-Fi, turn it off.
When not using Bluetooth, turn if off.
When not using 4G/LTE turn it off.
When you don't need location information, turn it off.
Even with them all off, you can still get phone calls and text messages.

Each is a hassle, but every increase in security requires a bit of a hassle. Always has, always will.
 

PHolder

Well-known member
Sep 16, 2020
664
2
323
Ontario, Canada
When not using 4G/LTE turn it off.
And then you can't receive a phone call or SMS... which was your entire point of having a "phone" to begin with. Not to mention if an emergency happens, now you can't dial 911 quickly and neither can your phone on your behalf (with fall and/or crash detection features.)

Even with them all off, you can still get phone calls and text messages.

What is the black magic of which you speak?? Perhaps you think that 2G or 3G is still available to everyone even if 4G/5G is disabled?? It is not the case.
 

PHolder

Well-known member
Sep 16, 2020
664
2
323
Ontario, Canada
I've never had this work this way, but perhaps things work differently in different markets. In any case if you can make a call, your phone is still pinging the towers... which means both the phone and the towers know your location within certain limits.
 

MichaelRSorg

Well-known member
Nov 1, 2020
62
6
RouterSecurity.org
In the US, I have used two of the 4 cellphone companies and each was able to send/receive calls and texts with the 4G/LTE data turned off. Whether that is always the case for all countries and all companies, I do not know.

Yes, with Bluetooth, 4G, WiFi and location/gps disabled, the phone does still interact with cell towers and thus provide a coarse location. That is the cost of being able to receive a phone call.
 

SeanBZA

Member
Oct 1, 2020
18
4
Well, with 4G you do have a separate voice data path, which uses the exact same systems as data, just it is split out by the tower from the bulk data, and processed as high priority data internal to the cell provider. Thus you can disable data, though you will find that the data channel still has data use from handshaking and the phone internal systems interacting for call setup. The SMS functions now no longer use a separate messaging channel, now only a prefix in the data stream instead.

Thus you can disable data, but still have voice, used very commonly in markets with data being billed separately from calls, and where you can get capped data wise and still have the ability to do calls. You can even set up specific DNS routings, and thus have things like separate data streams for services like Whatsapp, Facebook and Youtube, and even more specific routing so that you can say only have the educational sytem data be available, along with the provider website only. This is so you can allow "top up" data purchases from the phone, or to lock a SIM to a school or educational system intranet only, and not allow any other data use unless it is paid for.

Commonly used here from the one provider to provide "free Whatsapp", though they did limit the video and calling features after a while, as this was killing the actual purchase of voice minutes, with people only paying the minimum monthly fee (50c US) that you needed to have this feature, while they were losing massively on the data use.